New samba packages are available for Slackware 14.0, 14.1, 14.2, and -currentto fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:+--------------------------+patches/packages/samba-4.4.15-i586-1_slack14.2.txz: Upgraded. This update fixes an authentication validation bypass security issue: "Orpheus' Lyre mutual authentication validation bypass" All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos are vulnerable to a man-in-the-middle attack impersonating a trusted server, who may gain elevated access to the domain by returning malicious replication or authorization data. Samba binaries built against MIT Kerberos are not vulnerable. For more information, see:https://www.samba.org/samba/security/CVE-2017-11103.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 (* Security fix *)+--------------------------+

Where to find the new packages:+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! :-)

+------------------------------------------------------------------------+| To leave the slackware-security mailing list: |+------------------------------------------------------------------------+| Send an email to majordomo@slackware.com with this text in the body of || the email message: || || unsubscribe slackware-security || || You will get a confirmation message back containing instructions to || complete the process. Please do not reply to this email address. |+------------------------------------------------------------------------+-----BEGIN PGP SIGNATURE-----